Research what interests you. Malware is a pretty hot topic, especially because of Stuxnet, Duqu, and Gauss. I'm sure you can find some cool things to research and write about.

If and when you do write an article, take the time to polish your writing: spell-check, re-read, revise, etc. Make sure everything is accurate and clear. If your writing is sloppy, people will have trouble understanding you and may not bother to read it.

As far as your topic goes, well, creating custom code is certainly one way to get past signature-based scanners. If it is new code, with new hashes and new behavior, well, you will certainly be able to hide from the average home AV. Enterprise AVs will run things like App control and heuristic scanning, both of which are tougher to bypass.

I think any article written about security will be good. There are so many areas of security that there will always be people that find your article interesting. They may be an expert in one area, but no one is an expert in all areas of security, and it's a constant battle to learn more and more.

You are going to write an article about how to code virus code without knowing any coding language and the goal is to bypass the smartest coders in this world with you knowing no coding language. That's not even funny anymore.

In what language is it going to be then? L33t v3.0?

Please stop trolling, you won the prize last month of the poster with the most posts and got the free training, there's no need to post like a mad man saying NOTHING anymore.

Ouch, yeah, ignore that comment, man. Though there is something to consider: I've looked at some pretty advanced samples that made it past the typical checks; one may even call them "persistent". So you may not be able to avoid the coding part. What you can do is write a defensive article on how one protects against this type of malware. That will be some good research for you.

Please do write the article. It's a lot easier to tear folks down than to actually do something constructive.

I'm not entirely sure where you would go with your research on this, if you're not custom coding and you're not using a builder. I suppose you could talk about how people tweak existing malware in order to create a variant, invalidate the existing signatures, and get past the scanners. There are certainly a lot of examples of this out there to look at.

@cyber.spirit - I think you should definitely put the time / research in, and write your article. Regardless of sternone's remarks or thinking, IF you learn from the experience, then it's a worthwhile effort. If others learn, too, then all the better.

@sternone - I'm happy to see you advancing in Offsec's labs, however, I think your 'play-by-play', as someone called it, is borderline on giving other students too much information. The post where you pointed out the multi-NIC machine, for instance, OS and all (even without giving the IP's) is enough to have people openly going looking for that box. While yes, there is something to hitting the other parts of the network, if they start focusing on that, there's a lot of other machines that they might 'skip', thinking the importance of reaching the admin network, for instance, is of utmost importance. They'll miss out on learning topics from the remaining lab boxes.

I know you didn't give away the proverbial 'keys to the kingdom' or anything, but I think you're teetering on the fencepost. Also, please note the next bit, here, is not an attack, but... In addition, attacking cyber.spirit's article idea, when 'tooting your own horn', constantly, after every exploit you achieve in the OSCP lab, leaves me thinking you're out for self-promotion and glory. Doesn't leave me much more interested in your future writings, either.

Be tactful and respectful, please.

Last edited by hayabusa on Sun Sep 09, 2012 10:56 am, edited 1 time in total.

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

You mentioned ProRat, I am thinking about trying it out. I know this is a borderline stupid question, but is it "safe" to download and run the program? I assume most commercial type malware programs don't infect the "customer" machines...

hayabusa wrote: @sternone - I'm happy to see you advancing in Offsec's labs, however, I think your 'play-by-play', as someone called it, is borderline on giving other students too much information. The post where you pointed out the multi-NIC machine, for instance, OS and all (even without giving the IP's) is enough to have people openly going looking for that box. While yes, there is something to hitting the other parts of the network, if they start focusing on that, there's a lot of other machines that they might 'skip', thinking the importance of reaching the admin network, for instance, is of utmost importance. They'll miss out on learning topics from the remaining lab boxes.

I know you didn't give away the proverbial 'keys to the kingdom' or anything, but I think you're teetering on the fencepost. Also, please note the next bit, here, is not an attack, but... In addition, attacking cyber.spirit's article idea, when 'tooting your own horn', constantly, after every exploit you achieve in the OSCP lab, leaves me thinking you're out for self-promotion and glory. Doesn't leave me much more interested in your future writings, either.

Be tactful and respectful, please.

Thanks for your reaction.

I really watch out not to disclose anything that would blow it for future lab customers. You know that very well.

About the multihomed machine, well, if they don't get that, they are not in the right place. It's Offensive's own document that shows the network layout, not my posts. I don't need any glory. I would like you to explain to me what all the other posts on the forums are for, are they only done for Glory? Please elaborate. I learn from other people's posts and maybe some would do the same from my posts. Are you affiliated with Offensive Security? You sure sound like it; after I gave 'some small' critical remarks about it, your tone completely changed.

About cyber.spirit, he's allowed to post whatever he wants to. I would say that counts both ways, people can say whatever they want to in reply to my posts, again, that works both ways. If you don't like it, well then you shouldn't go on a 'forum' at all.

SephStorm wrote: You mentioned ProRat, I am thinking about trying it out. I know this is a borderline stupid question, but is it "safe" to download and run the program? I assume most commercial type malware programs don't infect the "customer" machines...

Hey Seph, well, malware is malware. Always treat it with caution. Even if software/samples have been "cleansed" for learning, they can still potentially harm your system. Even though ProRat is a tool to build it, the source supplying it may have another agenda.

May not even hurt to toss it in a VM and do some behavioral analysis before using it further.

You are going to write an article about how to code virus code without knowing any coding language and the goal is to bypass the smartest coders in this world with you knowing no coding language. That's not even funny anymore.

In what language is it going to be then? L33t v3.0?

Please stop trolling, you won the prize last month of the poster with the most posts and got the free training, there's no need to post like a mad man saying NOTHING anymore.

Thank you.

Hey hey hey sternone, I'm not going to publish this article just because of the prize, because I already won it. I'm always active in this forum and I'll publish a lot of my articles here soon because I do love this great forum, no matter if you like it or not.

No man, you're a specialist in l33t programming, not me!!! If you don't know how to create useful or harmful programs without using any programming language, it doesn't mean it's impossible.

Last edited by cyber.spirit on Sun Sep 09, 2012 6:15 pm, edited 1 time in total.